CVE-2018-6237
moderate-risk
Published 2018-05-25
A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation.
Do I need to act?
~
6.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (4)
Affected Vendors
References (4)
Vendor Advisory
https://success.trendmicro.com/solution/1119715
Vendor Advisory
https://success.trendmicro.com/solution/1119715
45
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
9/34 · Low
Exposure
10/34 · Low